1. Summary

2. Relevant releases

VMware Workstation 7.1.4 and earlier
VMware Player 3.1.4 and earlier
VMware Fusion 3.1.2 and earlier

3. Problem Description

a. UDF file system import remote code execution

A buffer overflow vulnerability is present in the way UDF file systems are handled. This issue could allow for code execution if a user installs from a malicious ISO image that was specially crafted by an attacker.

VMware would like to thank an anonymous contributor working with the SecuriTeam Secure Disclosure program for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-3868 to the issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
vCenter        any       Windows   not affected
Workstation    8.x       any       not affected
Workstation    7.x       any       7.1.5 or later
Player         3.x       any       3.1.5 or later
AMS            any       any       patch pending
Fusion         4.x       Mac OS/X  not affected
Fusion         3.1.x     Mac OS/X  3.1.3 or later
ESXi           any       ESXi      not affected
ESX            any       ESX       not affected

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.